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( jf. (Once Amended) The firewall system [claimed in claim 1] as in claims Jff.£%* or wherein 
the firewall [application comprises] box executes a plurality of proxy agents, each of the 
plurality of proxy agents [being individually suited,] configured to verify the incomming 
access request in accordance with a port number indicated in an incoming access request [, 
for verifying the incoming access request]. 

\% < * 3 

X (Once Amended) The firewall system [claimed in claim 1] as in claims^, 48. or wherein 

the at least one proxy agent verifies that a source address associated with an incoming access 
request is authorized to access the network element. 

fYtf> (Once Amended) The firewall system [claimed in claim 6] as in claims^ 47* or ff? , wherein the 
at least one proxy agent prompts the user to enter a user name and verifies the user name 
entered. 

_ 3 

* yf. (Once Amended) The firewall system [claimed in claim 9] as in claim 49? wherein the second 
^ password is a random number. 

H ^ 3 

y{. (Once Amended) The firewall system [claimed in claim 9] as in claim Jtff * wherein the [out- 
of-bands means] communication channel is a beeper. 


v 


(Once Amended) The firewall system [claimed in claim 1 ] as in claims 47. ^ or wherein 
the at least one proxy agent verifies that an incoming access request contains no executable 
commands directed to the firewall box. 

)A. (Once Amended) The firewall system [claimed in claim 1 ] as in claims^. 4& or wherein 
the at least one proxy agent verifies that a destination associated with an incoming access 
request is valid. 

(Once Amended) The firewall system [claimed in claim 14] as in claims jt^ ft£ or 4# . 
wherein the at least one proxy agent verifies that a destination indicated in an incoming 
access request is valid for a user associated with the incoming access request. 
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(Once Amended) The firewall system [claimed in claim 1 ] as in claims 47, 4£ orJ$ * wherein 
the at least one proxy agent addresses the network element according to an alias. 


(Once Amended) The firewall system [claimed in claim 1] as in claims ^f. ^ or ^ 
the at least one proxy agent manages the connection the network element. 

lip 1 X ? 

(Once Amended) The firewall system [claimed in claim 1 ] as in claims 4^ or ^9 . 

the at least one proxy agent operates in a daemon mode. 


wherein 


wherein 


n 



nee Amended) The firewall system [claimed in claim 1 ] as in claims 4rf* jd. or wherein 
an operating system of the firewall box performs packet filtering. 

(Once Amended) The firewall system [claimed in claim 1] as in claims j?f* 48? or further 


composing: 

A router attached between the firewall box and the public network, which router performs 


packet filtering. 


^T(Once Amended) The firewall system [of claim 1] as in claims 47^ 4$. or j# further 
comprising: 

a transaction log for recording information regarding an access request. 


(Once Amended) The firewall method [claimed in claim 23] as in claims>& or pZ . 
wherein an assigned proxy agent is selected from a plurality of proxy agents, each of the 
plurality of proxy agents configured to verify the incoming access request [b eing individually 
suited,] in accordance with a port number indicated in an incoming access request^ for 
verifying the incoming access request]. 

Jfi. (Once Amended) The firewall method [claimed in claim 23] as in claims ffi ^l/or 5# . 
wherein the step of verifying the authority of the incoming access request includes: 
using the at least one proxy agent to verify that a source address associated with an 
incoming access request is authorized to access the network element. 
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Jj£ ^'(Once Amended) The firewall method [claimed in claim 27] as in claims orJ& T 
wherein the method further comprises the steps of: 

using the at least one proxy agent to prompt the user to enter a user name; and 
verifying the authority of the user name entered. 

(Once Amended) The firewall method [claimed in claim 27] as in claims 5&jtf or 5tL 
wherein the method further comprises the steps of: 

using the at least one proxy agent to prompt the user to enter a user name and a password; 

and 

verifying the authority of the user name and password entered. 

__ _ 

(Once Amended) The firewall method [claimed in claim 30] as in claim wherein the 
second password is a random number. 

J jfl. (Once Amended) The firewall method [claimed in claim 30] as in claim M , wherein the [out- 
of-bands means is] communication channel includes a beeper. 



(Once Amended) The firewall method [claimed in claim 23] as in claims ^4 or>£ 
wherein the step of verifying the authority of the incoming access request includes: 

[using the at least one proxy agent to verify] verifying that an incoming access request 
contains no executable commands. 

^SoT (Once Amended) The firewall method [claimed in claim 23] as in claims 50. Sf or ftz . 
wherein the step of verifying the authority of the incoming access request includes: 

[using the at least one proxy agent to verify] verifying that a destination associated with 
an incoming access request is valid. 

^jtf (Once Amended) The firewall method [claimed in claim 23] as in claims 5& Si or 
wherein the step of verifying the authority of the incoming access request includes: 

[using the at least one proxy agent to verify] verifying that a destination indicated in an 
incoming access request is valid for a user associated with the incoming access request. 
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yi. (Once Amended) The firewall method [claimed in claim 23] as in claims 5# >for 

wherein the step of [using the proxy agent to form] forming a connection to the network 
element on behalf of the incoming access request includes: 

addressing the network element according to an alias. 

** X s Hit? 

(ft >5.(Once Amended) The firewall method [claimed in claim 23] as in claims JK$. 5]f or 
wherein the at least one proxy agent operates in a daemon mode. 

yf- (Once Amended) The firewall method [claimed in claim 23] as in claims 50T5^r or 
wherein the method [is operates in a UNIX environment and the method] further includes the 
step of: 

having the at least one proxy perform a Changeroot command prior to processing an 
incoming access request. 

£0. (Once Amended) The firewall method [claimed in claim 23] as in claims 50. Sf or jbl * 
wherein the method further includes the step of 

performing packet filtering on the incoming access request. 

^ / u € £ 

. (Once Amended) The firewall method [claimed in claim 23] as in claims 50. 5a or ftl . further 
comprising the step of: 

maintaining a transaction log for recording information regarding an access 
request. 


Please add new claims 47 to 52: 


$ ' tff. A firewall system for protecting a network element fofm access over a network to which 
the network element is attached, the firewall system comprising: 
| \) a firewall box comprising a stand alone computing platform; 

a first connection connecting the firewall box to the network element; and * 

i * ■ 

4 

at least one proxy agent running on the firewall box for verifying that an access request 
packet received over the first connection is authorized ;to access the network element, the at least 

" - **■ f * , ' J ' 4 • - 

11 * ' - ! 'z ' '■; : ' 

one proxy agent initiating a connection to the network element on behalf of the kccess request if 
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the access request is authorized, wherein the at least one proxy agent verifies that a time period 
during which an incoming access request is received is valid. 

/ /TO. A firewall system for protecting a network element «fefm access over a network to which 
the network element is attached, the firewall system comprising: 

a firewall box comprising a stand alone computing platform; 
a first connection connecting the firewall box to the network element; and 
at least one proxy agent running on the firewall box for verifying that an access request 
packet received over the first connection is authorized to access the network element, the at least 
one proxy agent initiating a connection to the network element on behalf of the access request if 
the access request is authorized; 

wherein the at least one proxy agent performs a Changeroot command prior to processing 
an incoming access request. 


|0 


H Aft. A firewall svstem for protecting a network element form j 


A firewall system for protecting a network element ^form access over a network to which 
the network element is attached, the firewall system comprising: 

a firewall box comprising a stand alone computing platform; 
a first connection connecting the network to the firewall box; 
a second connection connecting the firewall box to the network element; and 
at least one proxy agent running on the firewall box for verifying that an access request 
packet received over the first connection is authorized to access the network element, the at least 
one proxy agent initiating a connection to the network element on behalf of the access request if 
the access request is authorized, wherein the at least one proxy agent prompts the user to enter a 
user name and a password and verifies that a user associated with an incoming access request is 
authorized to access the network element, and upon receiving and verifying the user name and 
password, communicates a second password to the user using a communication channel other 
than the computer network being used to initiate the connection, which second password is to be 
entered by the user to advance a logon process. 


A firewall method for protecting a network element from unauthorized access over a 
network to which the network element is attached, the method comprising the steps of: 
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receiving an incoming access request; 

assigning a proxy agent to the incoming access request in accordance with a port number 
indicated in the incoming access request; 

verifying the authority of the incoming access request to access the protected network 
element; 

forming a connection to the network element via the proxy agent on behalf of the 
incoming access request, if the authority of the incoming access request is verifiec^/ 

wherein the step of verifying the authority of the incoming access request includes: 

determining the identity of a source of the incoming access request; 

initiating a first set of verification checks in response to a first identified source; 

and 

initiating a second set of verification checks in response to a second identified 

source. 




1 . A firewall method for protecting a network element firom unauthorized access over a 
network to which the network element is attached, the nj#hod comprising the steps of: 
receiving an incoming access request; 

assigning a proxy agent to the incoming ^fcess request in accordance with a port number 
indicated in the incoming access request; 

verifying the authority of the inconjj&g access request to access the protected network 
element; and thereafter 

forming a connection to the^fetwork element via the proxy agent on behalf of the 
incoming access request if the authority of the incoming access request is verified; 

wherein the step ofyerifying the authority of the incoming access request includes: 
verifying that a/user associated with an incoming access request is authorized to access 
the network demerit; and, 

communicating a second password to the user using a communication channel other than 
the network connection, which second password is to be entered by the user to advance a logon 
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